Proxy Problems

So I thought I had successfully blocked MySpace through firewall policies at our school. I'd blocked by keyword (myspace) and by URL (www.myspace.com and myspace.com). The school administrators were happy, the parents were happy, and the teachers were happy. In fact, the teachers were happiest of all since the kids were no longer spending any available computer time MySpace-ing.

Then one day I noticed that about half of my class was logged into MySpace instead of building the real web sites I had assigned.  How could it be, you ask?  Well, most of you have probably discovered the big bad world of proxy servers already.  Our students certainly have, and in fact, are now able to surf the net unfettered by silly content filters if they can get to these sites.  The idea is fairly simple: surf the web via another site/computer not known to our content filters.  The most savvy of students have even figured out how to set up their own home computer as a proxy server so that they can log into their computers from school and surf at will.

The real problem here is that, unless we can find out every proxy server the students are using (which we can't), and specifically block each of them (not gonna happen), then we can't prevent them from using the proxy servers and bypassing the policy filters we have worked so hard to put in place.  These are the same filters that the Childhood Internet Protection Act dictates we effectively maintain if we want to see federal funding (see the post, "Safety First").

There are a few things we can do to disable as many of these proxies from behind our firewalls as possible. By blocking the keyword "proxy" on our firewalls (or our own proxy servers, depending on our architecture), we can prevent students from searching for new proxy sites, as well as any sites that contain the word proxy.  Again, depending upon architecture and available software, we can also disallow all "unknown" sites; this will take care of the kids' homegrown proxies. Our content filter vendor, unfortunately, maintains a database of objectionable sites, rather than good and known sites, so this may not be an option.  Finally, many of the students in our school subscribe to email lists that regularly publish new large proxy sites.  I have subscribed to a number of these and immediately block the latest and greatest sites that the kids are trying to use.

However, the ultimate responsiblity for ensuring that students are not exposed to objectionable content lies with teachers and administrators.  It lies with administrators who must write comprehensive, clear computer use policies that outline appropriate and acceptable uses of computer and network resources.  These policies must also clearly outline consequences for violation of the policies and should probably address proxies specifically. 

Perhaps more importantly, though, the responsibility must lie with the teachers who bring their students to computer labs for research and classwork; it lies with the teachers who teach computer classes. Nobody knows better than I how difficult it is to monitor every student who uses a computer. However, educational IT staff and teachers must work as partners to comply with federal regulations and keep kids safe on the Internet. For six hours a day, we are responsible for what they see and do; teaching faculty need to keep in mind that even the best educational IT folks can't keep up with the rapid proliferation of proxies, social networking, and all-around bad stuff on the Internet.  Although software and hardware tools are available to help, as always, the real work comes down to people.